Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

Trying to trace where a suspicious file came from that appeared on my Exchange Server.

I have found a couple suspicious password hacking program files residing in a temp folder on my Exchange Server.  To be exact, I found L0phtcrack & Samdump files, and a few others,  in zip format.  It also looks as though someone tried to install L0phtcrack on the server.  Or they succeded in doing so & then later deleted the program without uninstalling it.  A colleague told me about a utility he once had called "Snoop Plus" (or something like that).  This utility, he said, would be able to tell me, among other things, precisely where these files originated from.  For example, if the files were copied from another PC on the network to the Server's drive, the utility would be able to tell me what PC had copied the files onto the server. Or if they were copied from a CD it would tell me that the originated from another local drive on this Server.  Is there such a utility?? Where can I find it?  The only utility I've found on the web with the name Snoop, appears to be a Sun Solaris utility.  Is there another way to narrow down where these files originated from??  Thank you.

Added Comment:  Thanks for the Suggestion 'CSuvendra'.  Unfortunately it is a FAT partition & I cannot access any ownership properties.
0
rvshrader
Asked:
rvshrader
1 Solution
 
ITsheresomewhereCommented:
listening here....

ITsy
0
 
CSuvendraCommented:
Just a suggestion. You can always check the Ownership of the zip File from Properties and check who downloaded the file on the Server. Maybe that will give you an insight.
0
 
JW2Commented:
How about Who's Watching Me at www.trapware.com
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now